diff --git a/.changeset/tall-timers-reply.md b/.changeset/tall-timers-reply.md
new file mode 100644
index 00000000000..66cfba410d0
--- /dev/null
+++ b/.changeset/tall-timers-reply.md
@@ -0,0 +1,5 @@
+---
+"@atproto-labs/fetch-node": patch
+---
+
+Disable use of HTTP2 when checking SSRF IP
diff --git a/packages/internal/fetch-node/src/unicast.ts b/packages/internal/fetch-node/src/unicast.ts
index 85f8ee9b27e..941d75a2f21 100644
--- a/packages/internal/fetch-node/src/unicast.ts
+++ b/packages/internal/fetch-node/src/unicast.ts
@@ -106,7 +106,9 @@ export function unicastFetchWrap<C = FetchContext>({
 
           let didLookup = false
           const dispatcher = new Client(url.origin, {
-            allowH2: true,
+            // Do *not* enable H2 here, as it will cause an error (the client
+            // will terminate the connection before the response is consumed).
+            // https://github.com/nodejs/undici/issues/3671
             connect: {
               keepAlive: false, // Client will be used once
               lookup(...args) {